0:00:00.090,0:00:13.750
33C3 preroll music
0:00:13.750,0:00:16.299
basically textbooks have been written
0:00:16.299,0:00:19.718
about it countless talks have been
0:00:19.718,0:00:22.480
have been Illuminating all of the errors
0:00:22.480,0:00:26.690
of our ways and still all those sucky
0:00:26.690,0:00:30.400
software is out there but
0:00:30.400,0:00:33.130
Fefe over here the hero of our show
0:00:33.130,0:00:36.700
has put out has put all of these best
0:00:36.700,0:00:39.990
practices into you know into his work to
0:00:39.990,0:00:43.480
try to create a secure website he's
0:00:43.480,0:00:46.859
going to show us how it's done so that
0:00:46.859,0:00:52.489
we can all sleep way better at night and
0:00:52.489,0:00:55.189
with that template go back and
0:00:55.189,0:00:57.303
and secure our own software and so with
0:00:57.303,0:00:59.540
that I'm going to hand it right over to
0:00:59.540,0:01:01.930
Fefe give him a round of applause
0:01:01.930,0:01:12.406
Applause
0:01:13.371,0:01:15.153
thank you I have to start
0:01:15.153,0:01:17.580
with an apology because I did submit
0:01:17.580,0:01:19.840
this talk but it was rejected so the
0:01:19.840,0:01:21.880
slides are not at the stage where they
0:01:21.880,0:01:24.320
should be these are our slides for a
0:01:24.320,0:01:26.359
previous version of the talk it contains
0:01:26.359,0:01:28.179
all the material and I tried to update
0:01:28.179,0:01:30.231
it more but that destroyed the flow so
0:01:30.231,0:01:33.334
we we're stuck with it basically the
0:01:33.084,0:01:35.720
difference was the the audience so while
0:01:35.720,0:01:37.580
I expect more developers here the other
0:01:37.580,0:01:39.259
audience was more and hackers and
0:01:39.259,0:01:42.640
business people so I try to get them
0:01:42.640,0:01:45.800
from where they are and the main question
0:01:45.800,0:01:48.382
usually is "are we there yet?" right
0:01:48.382,0:01:50.842
so about me you probably
0:01:50.842,0:01:52.960
seen this before I'm a code auditor by
0:01:52.960,0:01:55.479
trade I have a small company and
0:01:55.229,0:01:57.230
companies show us their code and I show
0:01:57.230,0:02:00.190
them bugs I find in them quite easy
0:02:01.911,0:02:04.000
but before we start I have a small
0:02:04.000,0:02:06.500
celebration to do this actually happened
0:02:06.500,0:02:09.230
just a day before the first time I
0:02:09.230,0:02:11.680
talked about this so Kaspersky
0:02:11.680,0:02:15.440
message they found some malware introduced
0:02:15.440,0:02:16.540
tied to libc
0:02:16.540,0:02:18.340
which I have written so this is
0:02:18.340,0:02:19.270
like a
0:02:19.270,0:02:26.430
Applause
0:02:27.257,0:02:28.999
some of the malware people
0:02:28.999,0:02:31.020
know what's good
0:02:31.020,0:02:33.430
so basically the main question when I
0:02:33.430,0:02:35.769
talk to customers is we spend so much
0:02:35.769,0:02:38.860
money on this why isn't it working
0:02:38.860,0:02:42.399
and the answer is you're doing it wrong
0:02:42.399,0:02:46.420
so I will try to show now what exactly[br]is wrong
0:02:46.420,0:02:49.830
and there's a small preface here people
0:02:49.830,0:02:51.730
usually say there's no time to do this
0:02:51.730,0:02:54.230
right and that's just wrong you have
0:02:54.230,0:02:56.580
exactly as much time per day as other
0:02:56.580,0:02:58.640
people who did great things so you can
0:02:58.640,0:03:01.780
do great things too you just need to do it
0:03:02.620,0:03:05.420
so let's play a little warm-up game
0:03:05.420,0:03:07.050
it's called how it started and how
0:03:07.050,0:03:09.570
it's going so let's have a demo round
0:03:09.570,0:03:11.420
IBM Watson is revolutionizing
0:03:11.420,0:03:14.839
10 Industries and it's going like this
0:03:14.839,0:03:17.219
whatever happened to IBM Watson that's a
0:03:17.219,0:03:19.629
typical pattern in the security industry
0:03:19.629,0:03:23.150
right so here's another one how it started
0:03:23.150,0:03:25.480
revolutionize security with AI
0:03:25.480,0:03:27.261
right we all know where this is going
0:03:27.261,0:03:28.461
Laugther
0:03:28.461,0:03:31.230
right so that's the pattern
0:03:31.230,0:03:33.640
let's play IT security mine sweeper
0:03:33.390,0:03:35.256
right so everybody here probably
0:03:35.256,0:03:37.349
knows who Gartner is they publish
0:03:37.349,0:03:39.379
recommendations and they even have a
0:03:39.379,0:03:41.249
voting section where people can say
0:03:41.249,0:03:43.159
this is the best product in this section
0:03:42.909,0:03:45.248
right so let's look at a few of them and
0:03:45.248,0:03:48.040
see what happened to people who trusted[br]Gartner
0:03:48.040,0:03:51.020
first is a firewall right so how
0:03:51.020,0:03:54.247
it started the number one recommendation
0:03:54.247,0:03:57.175
is for Fortinet and they have a lot of
0:03:57.175,0:03:59.425
marketing gibberish
0:03:59.425,0:04:01.229
Laughter
0:04:01.229,0:04:03.159
and if you look how it's going it's not
0:04:03.159,0:04:05.300
going so good
0:04:05.850,0:04:08.090
so let's extend the pattern a bit
0:04:08.090,0:04:10.420
why what happened to me in this regard
0:04:10.420,0:04:11.750
so I don't need a firewall
0:04:11.750,0:04:14.270
I don't have any ports open that I need[br]blocking right
0:04:14.270,0:04:16.120
so you don't need this
0:04:16.120,0:04:18.559
strictly speaking you don't need it
0:04:18.559,0:04:20.479
next discipline endpoint protection
0:04:20.479,0:04:24.519
so it started with Trellix this is the
0:04:24.519,0:04:26.773
number one recommendation on Gartner
0:04:26.773,0:04:28.769
I hadn't heard of them there like can make
0:04:28.769,0:04:30.429
a feed joint venture or something
0:04:30.429,0:04:31.434
who cares
0:04:31.434,0:04:34.543
they also have great marketing gibberish
0:04:34.543,0:04:36.304
and then if you look at what happened
0:04:36.304,0:04:39.214
it's like they made it worse
0:04:39.214,0:04:42.955
okay so this didn't apply to me
0:04:42.955,0:04:45.305
either because I don't use snake oil
0:04:45.305,0:04:47.295
let's see the third one password manager
0:04:47.295,0:04:48.530
also very popular
0:04:49.730,0:04:52.320
how it started recommended LastPass
0:04:52.320,0:04:54.250
you probably know where this is going
0:04:54.250,0:04:55.747
Laugther
0:04:57.129,0:04:59.710
yeah they got owned and then
0:04:59.710,0:05:00.892
people got owned
0:05:02.502,0:05:05.241
so you may notice a pattern here
0:05:05.436,0:05:06.916
this didn't apply to me because
0:05:06.916,0:05:08.916
I deserve a password authentication use
0:05:08.916,0:05:10.810
public key which has been available for
0:05:10.810,0:05:14.150
decades right so small bonus
0:05:14.150,0:05:17.109
the last one 2FA
0:05:17.609,0:05:19.789
Gartner recommends Duo which has
0:05:19.789,0:05:22.039
been bought by Cisco but doesn't matter
0:05:23.589,0:05:25.414
so if you look at what Duo does
0:05:25.414,0:05:27.378
your server asks the cloud for
0:05:27.378,0:05:29.877
permission the cloud goes to the telephone
0:05:29.877,0:05:33.590
telephone shows a popup you click yes
0:05:31.590,0:05:35.100
and then the cloud tells the server it's
0:05:35.100,0:05:37.470
okay you can let them in if you look
0:05:37.470,0:05:39.360
really closely you can notice the cloud
0:05:39.360,0:05:41.520
doesn't have to do the popup it can just
0:05:41.520,0:05:43.871
say sure so this comes pre-owned
0:05:43.871,0:05:45.952
there is no need to hack anything here
0:05:45.952,0:05:47.452
Laugther
0:05:47.452,0:05:48.980
and something many people don't
0:05:48.980,0:05:50.596
realize you don't need two factor
0:05:50.596,0:05:53.410
if you have public key that's already the[br]second factor
0:05:53.944,0:05:55.109
Okay, so
0:05:55.789,0:05:57.808
yeah let's skip over this briefly
0:05:57.808,0:06:00.318
Splunk is the the recommend option here
0:06:00.318,0:06:02.038
and they make the organization
0:06:02.038,0:06:04.438
more resilient unless you install it
0:06:04.438,0:06:07.279
Laughter
0:06:07.279,0:06:15.543
Applause
0:06:15.543,0:06:17.812
okay so this one is dear to my heart
0:06:17.812,0:06:20.713
because people start arguing about
0:06:20.713,0:06:22.453
whether to install patches and
0:06:22.453,0:06:25.093
which patch to install first and it used
0:06:25.093,0:06:27.683
to be simple you look for problems
0:06:27.683,0:06:29.443
then you install the patches and then
0:06:29.443,0:06:31.533
it got a bit more complicated and
0:06:31.533,0:06:33.423
the result is this right
0:06:33.423,0:06:36.173
that's a famous podcast in Germany
0:06:36.173,0:06:38.693
it's about municipality who got owned
0:06:38.693,0:06:41.673
by ransomware and then had to call the
0:06:41.673,0:06:42.943
army for help
0:06:42.943,0:06:44.460
inaudible chatter in crowd
0:06:44.460,0:06:46.510
and what you should do I'm having
0:06:46.510,0:06:48.470
this for completeness install all patches
0:06:48.470,0:06:50.430
immediately but that's a separate talk
0:06:50.430,0:06:52.705
right so you may notice a pattern here
0:06:52.705,0:06:54.450
the IT security industry
0:06:54.450,0:06:55.630
recommends something and
0:06:55.630,0:06:58.274
if you do it you're [ __ ] so don't do it
0:06:58.274,0:07:01.000
in case you can't read this says snake
0:07:01.000,0:07:03.460
repellent granules and then there's a
0:07:03.460,0:07:05.060
snake sleeping next to it
0:07:05.060,0:07:06.111
laugther
0:07:06.111,0:07:07.390
coughing
0:07:07.921,0:07:10.670
right so if we can't trust the
0:07:10.670,0:07:12.911
recommendations of the industry what[br]shall we do
0:07:13.449,0:07:15.049
and so I had a lot of
0:07:15.049,0:07:16.929
time on my hands because I didn't have
0:07:16.929,0:07:19.510
to clean up after crappy IT security
0:07:19.510,0:07:21.570
industry recommendations so what
0:07:21.570,0:07:23.770
what did I do with my time
0:07:24.210,0:07:26.630
and I decided I need a Blog
0:07:26.630,0:07:30.440
some time ago now and I started
0:07:30.440,0:07:32.660
thinking what do I need and it's
0:07:32.660,0:07:34.570
actually not that much I could have just
0:07:34.570,0:07:37.590
shown basically static content a little
0:07:37.590,0:07:39.727
search function would be good but it's
0:07:39.727,0:07:42.530
optional um I didn't need comments for
0:07:42.530,0:07:44.920
legal reasons because people start
0:07:44.920,0:07:48.390
posting like links to maware or
0:07:48.390,0:07:50.230
whatever I don't want that I don't
0:07:50.230,0:07:52.162
need that right so the first version was
0:07:52.162,0:07:53.950
actually really easy it was a small
0:07:53.950,0:07:56.141
standard web server and I had the
0:07:56.141,0:07:58.219
blog entries a static HTML files
0:07:58.219,0:08:00.199
one file per month it was actually really
0:08:00.199,0:08:02.090
easy if you want to search you just can
0:08:02.090,0:08:04.870
ask Google and limit it to my site so
0:08:04.870,0:08:07.229
posting was also easy had a little
0:08:07.229,0:08:09.699
script that I could run on the server
0:08:09.699,0:08:12.924
and I just SSH in and SSH I trust for
0:08:12.924,0:08:14.824
authentication so there's no new attack
0:08:14.824,0:08:17.445
surface I have that anyway and this is a
0:08:17.445,0:08:20.074
great design it's secure it's simple
0:08:20.074,0:08:22.190
there's low risk it's also high
0:08:22.190,0:08:24.779
performance but you couldn't do a talk
0:08:24.779,0:08:27.270
about it at the CCC right so
0:08:27.270,0:08:30.130
it's too boring so I started to introduce
0:08:30.130,0:08:31.200
risk in my setup
0:08:31.200,0:08:33.640
*laughter
0:08:34.400,0:08:36.410
so the first idea was I had
0:08:36.410,0:08:38.280
written a small web server I could just
0:08:38.280,0:08:40.360
implement the blog in the web server
0:08:40.360,0:08:43.384
because you know it's my code anyway
0:08:43.384,0:08:46.796
but that has downsides if the the blog
0:08:46.796,0:08:48.935
is running in the web server then it can
0:08:48.935,0:08:50.846
access all the memory of the web server
0:08:50.846,0:08:52.776
in particular it can see the TLS private
0:08:52.776,0:08:55.166
key and that I don't want people to
0:08:55.166,0:08:57.856
extract right so it can't be a module
0:08:57.856,0:09:00.056
in the web server
0:09:00.480,0:09:03.030
and the the obvious solution is
0:09:03.030,0:09:05.510
it has to run in a different user ID on
0:09:05.510,0:09:08.090
on Linux I'm using Linux or but any
0:09:08.090,0:09:09.810
Unix or Windows would be the same
0:09:09.810,0:09:11.860
basically it runs in a different user ID
0:09:11.860,0:09:13.940
and then if you if you take over the
0:09:13.940,0:09:15.989
process of the blog because there's some
0:09:15.989,0:09:18.680
bug in it you couldn't access the TLS
0:09:18.680,0:09:21.770
key and while I did that the industry
0:09:21.770,0:09:23.049
was doing this
0:09:23.049,0:09:23.759
chatter
0:09:23.759,0:09:25.429
that's like the running gag of this
0:09:25.429,0:09:27.520
talk I show all kinds of interesting
0:09:27.520,0:09:29.280
things the industry did and then show
0:09:29.280,0:09:31.209
what I did in that time right so
0:09:31.939,0:09:32.828
next question
0:09:32.828,0:09:34.749
where's the content I could just have
0:09:34.749,0:09:37.418
files on disk like static HTML as before
0:09:37.418,0:09:39.819
but I think that's not professional enough
0:09:39.569,0:09:41.829
right so for a good CCC talk you
0:09:41.829,0:09:44.059
need to be more professional
0:09:44.059,0:09:45.260
also for a different
0:09:45.260,0:09:47.488
project I had just written an LDAP server
0:09:47.488,0:09:50.543
so I decided to reuse it and
0:09:50.543,0:09:52.400
while I did that the industry did this
0:09:52.400,0:09:54.080
I took this photo at the airport of
0:09:53.830,0:09:55.731
Jerusalem so this is an actual ad it's
0:09:55.731,0:09:57.210
not photoshopped right it's for
0:09:57.210,0:09:59.040
Northrop Grumman which is a
0:09:59.040,0:10:02.760
military contractor and it's about full
0:10:02.760,0:10:05.700
spectrum cyber across all domains
0:10:05.700,0:10:06.933
chatter
0:10:06.933,0:10:09.770
so why would I write my own LDAP server
0:10:09.770,0:10:11.870
mostly because it's small and
0:10:11.870,0:10:14.650
because I'm an auditor by trade I know
0:10:14.650,0:10:17.630
that if you want a chance to actually
0:10:17.630,0:10:19.570
audit the code it needs to be small
0:10:19.570,0:10:22.039
because that's a limited resource
0:10:22.039,0:10:24.110
the time you can spend on auditing code
0:10:24.110,0:10:27.419
right so Postgres is a common SQL
0:10:27.419,0:10:30.122
database slapped in the the open LDAP
0:10:30.122,0:10:32.621
implementation of the server and tinyldap
0:10:32.621,0:10:35.112
is mine and you see it's much slower
0:10:35.112,0:10:36.630
and much smaller
0:10:38.750,0:10:40.609
yeah so there was more to this
0:10:40.609,0:10:43.760
ad campaign I collected a few funny images
0:10:45.080,0:10:48.959
right so um if someone manages to
0:10:48.709,0:10:52.069
hack the blog CGI or whatever module
0:10:52.069,0:10:54.779
I use to to have connect the blog to the
0:10:54.779,0:10:57.399
web server they can open any file that
0:10:57.399,0:11:00.280
the blog can read right the UID can read
0:11:00.280,0:11:02.820
so I should probably do something
0:11:02.820,0:11:05.510
about that that was the next step and
0:11:05.510,0:11:07.690
the industry was starting to think about
0:11:07.690,0:11:09.180
vulnerability management
0:11:11.070,0:11:13.360
so there is a mechanism on Unix
0:11:13.360,0:11:15.450
on Linux I did a separate talk about that
0:11:15.450,0:11:16.630
on the last Congress
0:11:16.630,0:11:19.132
it's called Seccomp and Seccomp it's like
0:11:19.132,0:11:21.371
a firewall for sys calls so I can use
0:11:21.371,0:11:24.372
Seccomp to block open the open sys which
0:11:24.372,0:11:26.812
is used to open files but if I have
0:11:26.812,0:11:29.092
to use open myself
0:11:29.092,0:11:31.722
then I can't block it right so what
0:11:31.722,0:11:33.452
to do about that for example my blog
0:11:33.452,0:11:35.672
calls local time which converts Unix's
0:11:35.672,0:11:38.092
time into the local time zone and for
0:11:38.092,0:11:40.372
that it opens a file containing the
0:11:40.372,0:11:43.826
description of the system time zone
0:11:43.826,0:11:46.646
and that calls open right so if
0:11:46.646,0:11:49.332
I just disabled the open system call from
0:11:49.332,0:11:51.057
my blog then it couldn't do the time
0:11:51.057,0:11:54.356
translation and this is actually
0:11:54.356,0:11:57.506
an old problem that also applies to set
0:11:57.506,0:12:00.108
ID programs and has has applied to them
0:12:00.108,0:12:03.027
for decades so what you can do is you
0:12:03.027,0:12:05.818
can reorganize your code so before you
0:12:05.818,0:12:08.478
block or before you drop privileges
0:12:08.478,0:12:11.356
generally speaking you do the open
0:12:11.356,0:12:14.158
calls in this in this example and
0:12:14.158,0:12:16.597
then you disable open and then you look
0:12:16.597,0:12:18.970
at the the data provided by the attacker
0:12:18.970,0:12:21.079
because if the attacker or any untrusted
0:12:21.079,0:12:23.590
source is trying to hack you it is via
0:12:23.590,0:12:25.704
data it gives you right it's
0:12:25.704,0:12:27.884
the environment is compromised so you look
0:12:27.884,0:12:29.844
at what kind of uh elements in the
0:12:29.844,0:12:31.764
environment are attacker supplied and
0:12:31.764,0:12:33.804
before you look at a single byte in them
0:12:33.804,0:12:35.924
you do all the dangerous stuff if you can
0:12:35.924,0:12:38.203
right so in this case I call local
0:12:38.203,0:12:42.213
time once before I drop the open sys call
0:12:42.213,0:12:44.904
and then my libc will cache the
0:12:44.904,0:12:47.938
time zone data and the next time I call it
0:12:47.938,0:12:49.868
after I have looked at the attacker
0:12:49.868,0:12:51.877
supplied code there is no need to call
0:12:51.877,0:12:53.988
open right so that's a major advantage
0:12:53.988,0:12:57.488
of Secom over similar Technologies like
0:12:57.488,0:13:03.200
SELinux where all the prohibitions
0:13:03.200,0:13:04.450
on sys calls are
0:13:04.450,0:13:06.850
applied to the whole process so there is
0:13:06.850,0:13:08.656
this is an example and you should make
0:13:08.656,0:13:10.249
use of it you should look at your
0:13:10.249,0:13:12.120
process and you can see if you have the
0:13:12.120,0:13:13.944
source code at least you can see which
0:13:13.944,0:13:16.249
parts do I need to do before I can drop
0:13:16.249,0:13:18.689
privileges and you move them up right so
0:13:18.689,0:13:19.849
that's what I did
0:13:22.120,0:13:24.669
this is actually a mockup from
0:13:24.669,0:13:27.450
the Estonian cyber security center
0:13:28.760,0:13:29.962
so this is real
0:13:30.952,0:13:31.952
okay so
0:13:31.952,0:13:34.959
next thought so let's
0:13:34.959,0:13:38.129
say someone hacks the blog module and
0:13:38.129,0:13:40.400
someone else uses the same module but
0:13:40.400,0:13:43.141
supplies a password right
0:13:43.141,0:13:44.955
this is a common problem in website
0:13:44.955,0:13:46.845
in websites there's some kind of login
0:13:46.845,0:13:48.704
something you get maybe a session token
0:13:48.704,0:13:51.514
or whatever and if someone manages to
0:13:51.514,0:13:54.024
take over the middleware
0:13:54.024,0:13:55.574
or like the server component
0:13:55.584,0:13:58.891
they can see all other connections too
0:13:58.891,0:14:00.420
if they are handled by the same
0:14:00.420,0:14:03.460
process right that's a major problem
0:14:03.460,0:14:06.340
and you can do something about it
0:14:06.340,0:14:08.312
so that's the good news here
0:14:09.682,0:14:13.019
and in my example it led to me using CGI
0:14:13.019,0:14:15.599
instead of fast CGI which is fast CGI
0:14:15.599,0:14:17.953
is a newer version of CGI
0:14:17.953,0:14:20.910
and the idea with fast CGI is that you
0:14:20.910,0:14:24.189
don't spawn a new process for every
0:14:24.189,0:14:26.877
request but you have like a Unix domain
0:14:26.877,0:14:29.890
socket or another socket to a fast CGI
0:14:29.890,0:14:32.180
process and that opens maybe a threat
0:14:32.180,0:14:35.550
per request or something but usually
0:14:35.550,0:14:37.450
in fast CGI you try to handle the
0:14:37.450,0:14:39.440
requests in the same process and then
0:14:39.440,0:14:41.590
you can use that process to cach data so
0:14:41.590,0:14:45.140
there's a perf advantage to using fast CGI
0:14:45.140,0:14:47.300
but for security reasons I don't
0:14:47.300,0:14:50.220
I don't use fast CGI so I can't do
0:14:50.220,0:14:52.700
caching right so that's a major downside
0:14:52.700,0:14:54.450
and you would expect the block to be
0:14:54.450,0:14:56.790
really really slow in the end so
0:14:56.790,0:14:59.139
first thing I need to use CGI instead of
0:14:59.139,0:15:01.949
fast CGI and secondly you could still
0:15:01.949,0:15:05.159
use debug APIs so if you use GDB or
0:15:05.159,0:15:07.700
another debugger to to look at another
0:15:07.700,0:15:10.199
process they use an API called ptrace
0:15:10.199,0:15:12.860
but that's a sys call so I can use seccomp
0:15:12.860,0:15:16.394
to disallow ptrace if I do those two
0:15:16.394,0:15:20.299
and the attacker takes over a blog process
0:15:20.299,0:15:22.529
all they can see is the data they supply
0:15:22.529,0:15:26.840
themselves right that's a major advantage
0:15:27.879,0:15:30.079
Okay so ENISA is actually an EU agency
0:15:30.079,0:15:31.569
which I find really disturbing
0:15:31.569,0:15:33.480
because they're burning lots of taxpayer
0:15:33.480,0:15:38.302
money anyway so let's assume the attacker
0:15:38.302,0:15:41.013
can hack my blog they can sill circumvent
0:15:41.013,0:15:43.333
any access control I do in the blog
0:15:43.333,0:15:46.302
so for example if I have an admin site
0:15:46.302,0:15:49.453
or some login site part of the webiste
0:15:49.453,0:15:52.128
and it's handled through the same program
0:15:52.128,0:15:55.069
and the access control is done in the blog
0:15:55.069,0:15:56.939
CGI and someone manages
0:15:56.939,0:15:59.190
to hack my blog CGI they could
0:15:59.190,0:16:03.280
just skip that so it's really hard
0:16:03.280,0:16:05.640
to do access restrictions that can be
0:16:05.640,0:16:07.817
circumvented if you do them in your own
0:16:07.817,0:16:09.972
code so the solution is not do it in
0:16:09.972,0:16:13.421
your own code I don't do any access
0:16:13.421,0:16:15.702
restriction in the blog I do it in the
0:16:15.702,0:16:18.431
LDAP server so if you connect to my blog
0:16:18.431,0:16:20.525
and supply a password then the blog
0:16:20.525,0:16:22.000
doesn't know if the password is
0:16:22.000,0:16:24.400
right or not there's an for example
0:16:24.400,0:16:26.216
there's an interface where you can add
0:16:26.216,0:16:28.130
new block entries or you can edit an old
0:16:28.130,0:16:29.739
one and for you need to supply
0:16:29.739,0:16:31.740
credentials but the block CGI doesn't know
0:16:31.740,0:16:33.404
if they are right or not it opens
0:16:33.404,0:16:35.264
the connections to the LDAP server with
0:16:35.264,0:16:37.344
that credential and then the LDAP server
0:16:37.344,0:16:40.853
says yes or no so since we removed
0:16:40.853,0:16:44.434
access to the ptraces calls and the
0:16:44.434,0:16:46.613
processes are isolated from each other
0:16:46.613,0:16:48.234
that means there is nothing to
0:16:48.234,0:16:50.394
circumvent here so if someone hacks my
0:16:50.394,0:16:52.733
blog the only advantage they get is
0:16:52.733,0:16:54.769
they can do the exact same stuff they
0:16:54.769,0:16:56.628
could do before basically they can just
0:16:56.628,0:16:58.038
talk to the LDAP server
0:16:59.628,0:17:01.229
okay so I'm starting to get into
0:17:01.229,0:17:04.243
James Bond territory here right
0:17:04.243,0:17:05.874
with the attacks they getting more
0:17:05.874,0:17:08.884
convoluted right so the industry started
0:17:08.884,0:17:10.653
doing threat intelligence feeds which
0:17:10.653,0:17:12.634
are useless don't spend money on those
0:17:13.100,0:17:15.820
okay so let's say the attacker hacked my
0:17:15.820,0:17:19.070
blog and then went to my tinyldap and now
0:17:19.070,0:17:21.820
is attacking tinyldap then they can
0:17:21.820,0:17:24.060
watch other logins because tinyldap
0:17:24.060,0:17:26.552
handles connections from other instances
0:17:26.552,0:17:28.970
of the blog too right so the same
0:17:28.970,0:17:30.840
problem we had before we just moved the
0:17:30.840,0:17:33.119
goal post a little and we need to
0:17:33.119,0:17:36.029
prevent this and the obvious solution
0:17:36.029,0:17:38.118
is to do the same thing we did
0:17:38.118,0:17:41.369
with the blog we have one process of
0:17:41.369,0:17:44.794
the LDAP server per request and then we
0:17:44.794,0:17:48.793
just allow ptrace right so now you
0:17:48.793,0:17:51.349
can't watch even if you get code execution
0:17:51.349,0:17:53.590
inside the LDAP server you can't watch
0:17:53.590,0:17:55.520
what passwords other people use
0:17:55.520,0:17:58.614
you can still see okay the industry
0:17:58.614,0:18:01.150
does some [ __ ] again you can still see
0:18:01.150,0:18:04.216
the password in the LDAP store right so
0:18:04.216,0:18:06.196
the LDAP server has to have a version of
0:18:06.196,0:18:08.277
the password to authenticate against and
0:18:08.277,0:18:11.000
the industry practice best practice is to
0:18:11.000,0:18:12.820
use salted hashes so the password is
0:18:12.820,0:18:14.083
not actually in the store
0:18:14.569,0:18:17.169
still if someone manages to attack
0:18:17.169,0:18:19.749
tinyldap through the blog they can
0:18:19.749,0:18:21.689
extract the hashes and try to crack them
0:18:21.689,0:18:24.728
but since I'm the only one adding users
0:18:24.728,0:18:27.530
I can control the password complexity so
0:18:27.530,0:18:29.780
good luck brute forcing that right
0:18:32.410,0:18:37.729
okay so this is actually a real problem
0:18:37.729,0:18:39.400
not for my blog specifically
0:18:39.400,0:18:41.597
but for other web services or services
0:18:41.597,0:18:43.310
that are reachable from the internet
0:18:43.310,0:18:45.259
what if an attacker doesn't want to steal
0:18:45.259,0:18:47.762
my data but it wants to encrypt it
0:18:47.762,0:18:50.052
so the ransomware what can you do
0:18:50.052,0:18:53.866
about that and my idea was to make
0:18:53.866,0:18:55.776
the data store read only so the UB
0:18:58.000,0:19:00.679
server has a data store that contains
0:18:58.000,0:19:03.159
all the blog entries and let's read only
0:19:00.679,0:19:05.440
to the add up process you can only read
0:19:03.159,0:19:08.200
from it and if you want to write to it
0:19:05.440,0:19:10.039
for example to add a new entry it gets
0:19:08.200,0:19:10.919
appended to a second file which I call
0:19:10.039,0:19:13.559
the
0:19:10.919,0:19:15.880
journal so SQL databases have a similar
0:19:13.559,0:19:17.760
concept and they use it to to roll back
0:19:15.880,0:19:19.320
transactions I can do the same thing
0:19:17.760,0:19:22.200
it's basically a log
0:19:19.320,0:19:25.159
file and that means um all the
0:19:22.200,0:19:27.360
differences from the last time the store
0:19:25.159,0:19:29.400
was created the Ron store all the
0:19:27.360,0:19:32.240
differences are sequentially in the log
0:19:29.400,0:19:34.320
file in the journal so that that the
0:19:32.240,0:19:36.480
performance gets worse the bigger the
0:19:34.320,0:19:39.480
journal gets so every now and then I
0:19:36.480,0:19:41.600
need to combine the readon part and the
0:19:39.480,0:19:44.120
journal to a new bigger readon part and
0:19:41.600,0:19:44.120
I do that
0:19:44.679,0:19:49.640
manually um because tiny elab couldn't
0:19:47.880,0:19:51.039
do it because I didn't allow tiny elab
0:19:49.640,0:19:54.960
to write the store right that was part
0:19:51.039,0:19:57.120
of the security here and uh so um with
0:19:54.960,0:19:59.000
set comp I can just disable whole CIS
0:19:57.120,0:20:00.880
calls I can also install filters so I
0:19:59.000,0:20:03.679
can say open is allowed but only if you
0:20:00.880,0:20:06.440
use o append o append in the open sis
0:20:03.679,0:20:09.280
call on Unix means every right you do to
0:20:06.440,0:20:12.600
this uh descriptor is automatically
0:20:09.280,0:20:16.159
added to the end so I know if someone
0:20:12.600,0:20:18.840
manages to to access the tiny Elda
0:20:16.159,0:20:20.799
binary and can write to my journal then
0:20:18.840,0:20:22.320
the only place the changes can show up
0:20:20.799,0:20:24.600
is at the end and that's actually a
0:20:22.320,0:20:27.200
really good good thing to have because
0:20:24.600,0:20:29.840
it means if someone hacks me and adds
0:20:27.200,0:20:32.720
junk to my blog I can only remove at the
0:20:29.840,0:20:35.360
end and I'm good again compare that to a
0:20:32.720,0:20:38.320
usual SQL database um if someone wrote
0:20:35.360,0:20:40.919
to the database you need to in to to
0:20:38.320,0:20:42.760
play a backup uh in to restore backup
0:20:40.919,0:20:45.600
because they could have changed anything
0:20:42.760,0:20:47.000
anywhere right so but tiny adup doesn't
0:20:45.600,0:20:48.840
even have file system level permissions
0:20:47.000,0:20:50.880
to change anything in the store so I can
0:20:48.840,0:20:53.320
re re uh sleep
0:20:50.880,0:20:56.440
soundly yeah the industry spent money on
0:20:53.320,0:20:56.440
cyber security mesh
0:20:56.480,0:21:00.480
architecture right so the journal
0:20:58.880,0:21:02.280
integration has to be done by me
0:21:00.480,0:21:05.440
manually out of band so it's not
0:21:02.280,0:21:08.880
something an automated process does um I
0:21:05.440,0:21:10.360
do it manually and when I'm doing it um
0:21:08.880,0:21:12.520
because it's not that much data it's
0:21:10.360,0:21:14.600
like for a week or two I can just read
0:21:12.520,0:21:16.480
it again and see if something doesn't
0:21:14.600,0:21:19.120
look
0:21:16.480,0:21:21.080
right this may not be available to all
0:21:19.120,0:21:22.760
other scenarios but uh you have to
0:21:21.080,0:21:25.200
realize if you have bigger data it's
0:21:22.760,0:21:27.039
usually not all the data that's big most
0:21:25.200,0:21:29.960
of it is usually static and readon and
0:21:27.039,0:21:32.840
then you have some logs that are or you
0:21:29.960,0:21:35.400
know billing data that grows and grows
0:21:32.840,0:21:37.799
but usually there's part of the data and
0:21:35.400,0:21:40.600
this is the the part with the you know
0:21:37.799,0:21:43.679
um uh identifying information personally
0:21:40.600,0:21:46.120
identifying information or you know Bill
0:21:43.679,0:21:48.120
billing details that stuff is usually
0:21:46.120,0:21:51.440
small and mostly static and you could
0:21:48.120,0:21:51.440
use this strategy for that
0:21:52.760,0:21:58.799
too well yeah
0:21:56.159,0:22:01.600
okay so the attack can still write
0:21:58.799,0:22:03.919
garbage to my blog that's still not good
0:22:01.600,0:22:06.760
right but since all they can do is a pen
0:22:03.919,0:22:09.240
to the journal I can use my text editor
0:22:06.760,0:22:11.760
open the journal and truncate at some
0:22:09.240,0:22:13.840
point and then I get all my data back
0:22:11.760,0:22:16.360
till the point where they started puting
0:22:13.840,0:22:18.720
the blog right this is still bad but
0:22:16.360,0:22:21.400
it's it's a very good position to be in
0:22:18.720,0:22:23.919
if there's an uh emergency because you
0:22:21.400,0:22:26.080
can basically investigate calmly first
0:22:23.919,0:22:30.000
you turn off right AIS then you you
0:22:26.080,0:22:32.919
delete the vandalism and the journal and
0:22:30.000,0:22:34.679
um you know you haven't lost anything
0:22:32.919,0:22:37.120
because if you want to delete an entry
0:22:34.679,0:22:39.360
in the blog you could do that too but
0:22:37.120,0:22:41.200
that means at the end of the journal you
0:22:39.360,0:22:43.240
append a statement saying delete this
0:22:41.200,0:22:45.799
record and I can just remove that and I
0:22:43.240,0:22:48.960
get the record back right so there's no
0:22:45.799,0:22:51.120
way for someone vandalizing my blog to U
0:22:48.960,0:22:53.320
damage any data that was in it before
0:22:51.120,0:22:56.000
all they can do is a pen junk at the end
0:22:53.320,0:22:58.400
and I can live with that right this is
0:22:56.000,0:23:01.200
this is should be the guiding thought
0:22:58.400,0:23:03.480
between any security you do um if
0:23:01.200,0:23:05.559
someone hacks you you will be in a very
0:23:03.480,0:23:07.720
stressful position the boss will be
0:23:05.559,0:23:10.279
behind you breathing down your neck are
0:23:07.720,0:23:12.559
We Done Yet is it fixed and you want to
0:23:10.279,0:23:14.600
have as little to do as possible at that
0:23:12.559,0:23:17.279
time you want to to move all the stress
0:23:14.600,0:23:19.120
to before you get hacked because then
0:23:17.279,0:23:22.520
you have more
0:23:19.120,0:23:24.760
time okay the industry did other things
0:23:22.520,0:23:28.039
again
0:23:24.760,0:23:30.880
um so what if the attacker doesn't write
0:23:28.039,0:23:33.360
garbage to the journal but writes some
0:23:30.880,0:23:35.279
exploit to the journal that the next
0:23:33.360,0:23:38.520
tiny El up instance that reads the
0:23:35.279,0:23:41.120
journal gets compromised
0:23:38.520,0:23:43.480
by that is a
0:23:41.120,0:23:46.799
possibility and that would be
0:23:43.480,0:23:49.279
bad so agreed that there still a problem
0:23:46.799,0:23:51.200
but uh realize how Preposterous the
0:23:49.279,0:23:54.039
scenario is so we are talking about an
0:23:51.200,0:23:57.000
attacker who found stable zero day in
0:23:54.039,0:23:59.600
the blog and then used that and another
0:23:57.000,0:24:01.679
stable zero day in tiny ad up to write
0:23:59.600,0:24:05.600
to the journal and then have the
0:24:01.679,0:24:09.360
third uh third zero day to compromise
0:24:05.600,0:24:11.440
the the journal passing code so I mean
0:24:09.360,0:24:13.440
yes it is still a problem but we reduced
0:24:11.440,0:24:15.320
the risk
0:24:13.440,0:24:18.320
significantly uh and that is what I'm
0:24:15.320,0:24:20.640
trying to to tell you here uh it's not
0:24:18.320,0:24:22.600
it's not all or nothing it's good enough
0:24:20.640,0:24:25.440
if you can half the
0:24:22.600,0:24:28.760
risk that's already very important and
0:24:25.440,0:24:32.200
you should do it so as much as you can
0:24:28.760,0:24:34.039
uh slice off the risk the better the
0:24:32.200,0:24:37.320
better off you will be if something
0:24:34.039,0:24:40.320
happens right because the smaller the
0:24:37.320,0:24:42.200
code is that is still attackable the
0:24:40.320,0:24:44.000
more you can audit it and be sure it's
0:24:42.200,0:24:46.799
good you show it to your friends and
0:24:44.000,0:24:48.919
they can audit it too uh and and you
0:24:46.799,0:24:50.480
need to save yourself that time because
0:24:48.919,0:24:52.880
it happens every now and then that I get
0:24:50.480,0:24:54.640
to get to see the whole code base and
0:24:52.880,0:24:56.480
the usual code base for commercial
0:24:54.640,0:24:59.799
products is like gigabytes of source
0:24:56.480,0:25:02.039
code nobody can read that like I'm I'm
0:24:59.799,0:25:05.440
good I'm not that
0:25:02.039,0:25:07.000
good so um this is a good place to be in
0:25:05.440,0:25:10.760
I think right so the industry was
0:25:07.000,0:25:13.240
selling dos mitigation sure whatever so
0:25:10.760,0:25:15.760
what happens if someone attacks the web
0:25:13.240,0:25:18.760
server that is still a big
0:25:15.760,0:25:22.799
problem um and it's
0:25:18.760,0:25:24.200
actually uh it it's a full damage right
0:25:22.799,0:25:25.919
that's the worst that can happen if
0:25:24.200,0:25:28.399
someone manages to attack the web server
0:25:25.919,0:25:30.679
they can see all traffic coming through
0:25:28.399,0:25:32.399
they can look inside TLS secured
0:25:30.679,0:25:34.399
connections and they can sniff all the
0:25:32.399,0:25:37.039
passwords so that's really
0:25:34.399,0:25:40.200
bad unfortunately there is not too much
0:25:37.039,0:25:44.679
you can do about that
0:25:40.200,0:25:45.840
um you could do uh um a separation so
0:25:44.679,0:25:47.919
this is something people have been
0:25:45.840,0:25:49.480
talking about for a while open S AG is
0:25:47.919,0:25:51.919
doing this they moved the dangerous
0:25:49.480,0:25:54.840
crypto stuff in a second process and use
0:25:51.919,0:25:56.399
sandboxing to lock down that process uh
0:25:54.840,0:25:58.440
that could be done but nobody has done
0:25:56.399,0:26:00.960
it for open SSL yet so so open SSL
0:25:58.440,0:26:02.960
doesn't support that um my web server
0:26:00.960,0:26:05.200
also supports embed TLS they don't
0:26:02.960,0:26:07.399
support that too so I I could spend time
0:26:05.200,0:26:09.200
on that and I've been actually um
0:26:07.399,0:26:11.000
spending some time already but it's not
0:26:09.200,0:26:13.320
it's not ready yet but this would be a
0:26:11.000,0:26:15.600
good way to reduce the risk and you may
0:26:13.320,0:26:18.600
notice that the the tools I'm using to
0:26:15.600,0:26:20.840
reduce risks are actually just a handful
0:26:18.600,0:26:23.440
there's not it's not you know it's not
0:26:20.840,0:26:25.760
witchcraft I'm I'm not inventing new
0:26:23.440,0:26:28.039
ways to look at things I'm doing the
0:26:25.760,0:26:30.000
same thing again I'm identifying the
0:26:28.039,0:26:32.679
part of the code that's dangerous and
0:26:30.000,0:26:34.640
then I think about how I can make that
0:26:32.679,0:26:37.440
part smaller maybe put it in a different
0:26:34.640,0:26:38.679
process lock it down so we need to do
0:26:37.440,0:26:42.000
the same thing with the web server
0:26:38.679,0:26:46.640
obviously um but it's an ongoing
0:26:42.000,0:26:49.600
process yeah so again whatever um why
0:26:46.640,0:26:51.399
haven't I done that yet uh so in my web
0:26:49.600,0:26:53.360
server you can it's a build time
0:26:51.399,0:26:55.159
decision if you want SSL support or not
0:26:53.360,0:26:57.600
and you can see the binary is
0:26:55.159,0:26:59.360
significantly bigger if you have SSL and
0:26:57.600,0:27:01.320
I'm showing you this because it means
0:26:59.360,0:27:04.520
the the bulk of the attack surface is
0:27:01.320,0:27:06.840
the SSL code it's not my code so if I if
0:27:04.520,0:27:10.320
I can put the SSL code in a different
0:27:06.840,0:27:11.880
process they still need to see the the
0:27:10.320,0:27:13.679
private key because that's what TLS
0:27:11.880,0:27:16.000
needs the private key otherwise it can't
0:27:13.679,0:27:17.679
do the crypto so the bug of the attack
0:27:16.000,0:27:19.919
surface would still have access to the
0:27:17.679,0:27:21.480
key I can still do it because there
0:27:19.919,0:27:24.840
might be bucks in my code and not the
0:27:21.480,0:27:28.039
SSL code but that's just 5% of the of
0:27:24.840,0:27:30.000
the overall attack surface so um
0:27:28.039,0:27:32.480
it I will probably do it at some point
0:27:30.000,0:27:35.799
but it's I don't expect miracles from it
0:27:32.480,0:27:38.919
bugs and open SSL will kill kill me
0:27:35.799,0:27:38.919
there's not much I can do about
0:27:41.480,0:27:45.640
that okay so I know what you're
0:27:46.960,0:27:52.399
thinking what about colel
0:27:50.039,0:27:54.679
bugs so I looked at a few of the recent
0:27:52.399,0:27:57.039
kernel bugs and it turns out that they
0:27:54.679,0:28:00.159
usually apply to SSS that are rarely
0:27:57.039,0:28:01.919
used in regular programs and uh because
0:28:00.159,0:28:05.200
I'm blocking all the CIS calls I don't
0:28:01.919,0:28:07.279
really need none of them apply to me
0:28:05.200,0:28:10.720
right and this is a this is a pattern
0:28:07.279,0:28:11.960
with Colonel bugs um uh there is a a
0:28:10.720,0:28:15.600
project called
0:28:11.960,0:28:19.519
Sandstorm um that also uses p trce and
0:28:15.600,0:28:22.679
and Secom tracing to reduce the csol U
0:28:19.519,0:28:25.240
surface and then puts regular Services
0:28:22.679,0:28:28.200
into a Sandbox for for web services and
0:28:25.240,0:28:30.360
they uh evaded all kinds of of Kernel
0:28:28.200,0:28:32.519
bucks just because of that so this is
0:28:30.360,0:28:34.320
like a zero effort thing because
0:28:32.519,0:28:36.760
obviously if you have a list of CIS
0:28:34.320,0:28:37.840
calls you'd use a white list and you you
0:28:36.760,0:28:39.600
have a list of things you are
0:28:37.840,0:28:42.519
explicitely low and the rest is is
0:28:39.600,0:28:44.600
disabled not the other way around right
0:28:42.519,0:28:47.480
so none of the usual kernel bugs apply
0:28:44.600,0:28:49.519
to me um because of the the seom stuff I
0:28:47.480,0:28:51.960
already do so kernel bugs aren't as big
0:28:49.519,0:28:54.200
of a problem as you might think at least
0:28:51.960,0:28:56.399
I still have them if I haven't patched
0:28:54.200,0:28:58.960
but you can't get to them via the
0:28:56.399,0:29:01.039
blog so I have a small confession to
0:28:58.960,0:29:04.679
make uh I'm a bit of a troll and that
0:29:01.039,0:29:06.960
applies to this project as well so um I
0:29:04.679,0:29:10.799
use the worst programming
0:29:06.960,0:29:12.679
language I used C right so I'm trolling
0:29:10.799,0:29:14.399
the security people and then I'm
0:29:12.679,0:29:15.760
trolling the Java people who have been
0:29:14.399,0:29:17.440
saying you should use multi-threading
0:29:15.760,0:29:20.399
for performance and not have one process
0:29:17.440,0:29:24.360
per request so I'm doing actually two
0:29:20.399,0:29:25.960
fork and xx per request um I'm trolling
0:29:24.360,0:29:28.679
the database people I don't have any
0:29:25.960,0:29:30.279
caching I don't have connection pool TOs
0:29:28.679,0:29:32.320
and the perf people too because I'm
0:29:30.279,0:29:34.640
still faster than most of the regular
0:29:32.320,0:29:36.679
Solutions so there is no there's really
0:29:34.640,0:29:39.799
no downside if you if you architect your
0:29:36.679,0:29:42.120
software to use this kind of thing um it
0:29:39.799,0:29:44.399
will be slower than other ways to do it
0:29:42.120,0:29:47.559
but most other software isn't as fast
0:29:44.399,0:29:49.600
anyway so there's enough Headway that
0:29:47.559,0:29:52.320
you can use to do security instead of
0:29:49.600,0:29:54.679
performance you will still be
0:29:52.320,0:29:58.240
faster so let's recap the the
0:29:54.679,0:30:00.679
methodology I used um first I make a
0:29:58.240,0:30:02.679
list of all the attacks I can think of
0:30:00.679,0:30:04.360
and this means concrete attacks so what
0:30:02.679,0:30:07.000
could happen and what would what would
0:30:04.360,0:30:09.480
be the problem then right and then I
0:30:07.000,0:30:11.880
think for every item on the list I
0:30:09.480,0:30:14.000
consider how to prevent this can I
0:30:11.880,0:30:16.039
prevent this uh what what I need to do
0:30:14.000,0:30:17.640
and then I do it right so that's easy
0:30:16.039,0:30:20.360
it's like this the fine man problem
0:30:17.640,0:30:23.200
solving algorithm in spirit and this
0:30:20.360,0:30:25.519
process is called threat modeling it's
0:30:23.200,0:30:27.320
it's like a it's dirty word because it
0:30:25.519,0:30:28.760
sounds like there's effort involved and
0:30:27.320,0:30:31.480
nobody wants to do it but it's really
0:30:28.760,0:30:32.880
it's easy it's just these these steps
0:30:31.480,0:30:34.360
you you look at your software you
0:30:32.880,0:30:36.279
consider all the ways it could be
0:30:34.360,0:30:38.240
attacked and then you consider what you
0:30:36.279,0:30:39.960
could do to prevent the attack or in
0:30:38.240,0:30:41.320
some cases you can't prevent the attack
0:30:39.960,0:30:43.720
and then you say well that's the risk I
0:30:41.320,0:30:47.240
have to live with right so that's called
0:30:43.720,0:30:50.360
threat moding you should try it it's
0:30:47.240,0:30:52.519
awesome and um you saw that I'm trying
0:30:50.360,0:30:55.320
to optimize something here I go for a
0:30:52.519,0:30:57.919
specific Target in this case I want as
0:30:55.320,0:30:59.840
little code as possible
0:30:57.919,0:31:02.840
um the more code there is the more bugs
0:30:59.840,0:31:04.639
there will be that's an a very old uh
0:31:02.840,0:31:07.000
Insight from I think it was originally
0:31:04.639,0:31:08.880
in IBM study and they basically found
0:31:07.000,0:31:10.480
that the number of bugs in code is a
0:31:08.880,0:31:12.639
function of the lines of code in the
0:31:10.480,0:31:15.399
code so there's a little more to it but
0:31:12.639,0:31:17.679
basically it's true so and it's not just
0:31:15.399,0:31:19.519
any code I want to have less of um if
0:31:17.679,0:31:22.159
the code is dangerous I particularly
0:31:19.519,0:31:25.159
want to have less of it and the the most
0:31:22.159,0:31:27.360
important category to to make smaller is
0:31:25.159,0:31:29.880
the the code that enforces security
0:31:27.360,0:31:31.720
guarantees so like one security
0:31:29.880,0:31:33.320
guarantee would be you can't log in if
0:31:31.720,0:31:35.320
you don't have the right password right
0:31:33.320,0:31:38.559
so the code that checks that I wanted to
0:31:35.320,0:31:40.720
be as small as possible um one or two
0:31:38.559,0:31:42.799
lines of code if if I can manage it and
0:31:40.720,0:31:45.360
then it's obvious if it if it's wrong or
0:31:42.799,0:31:47.720
not the more complex the code is the
0:31:45.360,0:31:49.080
less less easy would it be to see if
0:31:47.720,0:31:51.039
it's correct or not and that's what you
0:31:49.080,0:31:53.519
want in the end you want to be sure the
0:31:51.039,0:31:55.440
code is correct so how far did I get
0:31:53.519,0:31:57.279
it's actually pretty amazing I think um
0:31:55.440,0:32:01.000
you can write an elabs server in five
0:31:57.279,0:32:04.279
,000 lines of code the blog is 3.5 lines
0:32:01.000,0:32:07.320
of kilo lines of code um plus the Ed
0:32:04.279,0:32:09.159
client Library plus zet lip um but I'm
0:32:07.320,0:32:11.320
only using zet lip to compress not to
0:32:09.159,0:32:13.880
decompress so most attack scenarios
0:32:11.320,0:32:16.279
doesn't don't apply to to my usage of Z
0:32:13.880,0:32:19.000
Li um and the web server is also pretty
0:32:16.279,0:32:21.320
slow if you only look at the HTTP code
0:32:19.000,0:32:23.639
unfortunately uh it also contains the
0:32:21.320,0:32:25.600
SSL Library which is orders of magnitude
0:32:23.639,0:32:28.039
more than my code and that's how you
0:32:25.600,0:32:31.840
want it you want the biggest risk not to
0:32:28.039,0:32:34.519
be in the new code but in an old code
0:32:31.840,0:32:36.440
that someone else already audited if you
0:32:34.519,0:32:38.760
can manage it right so this is the
0:32:36.440,0:32:40.840
optimization strategy try to have as
0:32:38.760,0:32:42.960
little dangerous code as possible sounds
0:32:40.840,0:32:44.679
like a no-brainer but if you look at
0:32:42.960,0:32:47.279
modern software development you will
0:32:44.679,0:32:50.120
find out they do the exact opposite pull
0:32:47.279,0:32:53.159
in as many Frameworks as as they
0:32:50.120,0:32:55.639
can so this strategy is called TCB
0:32:53.159,0:32:57.159
minimization you should try it and I
0:32:55.639,0:33:01.240
gave a talk about it already it's
0:32:57.159,0:33:05.080
actually pretty easy so um I told you
0:33:01.240,0:33:08.080
what I did to the to the blog to uh uh
0:33:05.080,0:33:10.120
diminish the danger that can be done uh
0:33:08.080,0:33:11.919
if someone manages to take it over and
0:33:10.120,0:33:15.000
this is actually part of the TCB
0:33:11.919,0:33:18.279
minimization process so the blog was a
0:33:15.000,0:33:21.440
high risk area and then I took away
0:33:18.279,0:33:24.000
Privileges and removed exess checks and
0:33:21.440,0:33:26.240
in the end even if I give you remote
0:33:24.000,0:33:28.200
code execution in the blog process you
0:33:26.240,0:33:30.679
can't do anything you couldn't do before
0:33:28.200,0:33:33.519
right so it's no longer part of the TCB
0:33:30.679,0:33:35.559
the TCB is the part that uh enforces
0:33:33.519,0:33:36.880
security guarantees which the block CGI
0:33:35.559,0:33:39.440
doesn't
0:33:36.880,0:33:41.360
anymore so that's what you want to do
0:33:39.440,0:33:44.200
you want to end up in the smallest TCB
0:33:41.360,0:33:47.200
you can possibly manage and uh every
0:33:44.200,0:33:49.360
step on the way is good so no step is
0:33:47.200,0:33:51.880
too small right if you can shave off
0:33:49.360,0:33:54.639
even a little routine do
0:33:51.880,0:33:56.960
it this is the minimization part of TCB
0:33:54.639,0:33:59.799
minimization right I could I was able to
0:33:56.960,0:34:03.639
remove the block from the TCB tiny El up
0:33:59.799,0:34:05.360
still still has a risk so I I you saw
0:34:03.639,0:34:07.279
the threat model if someone manages to
0:34:05.360,0:34:08.639
take over tiny El up they can read the
0:34:07.279,0:34:11.440
hashes and try to crack them that's
0:34:08.639,0:34:14.639
still bad um but I can live with it
0:34:11.440,0:34:17.399
right uh if they vandalize the block I
0:34:14.639,0:34:19.960
can undo the damage without going to the
0:34:17.399,0:34:22.280
tape Library so that's
0:34:19.960,0:34:23.960
good if you compare that to the industry
0:34:22.280,0:34:26.720
standard you you will find that my
0:34:23.960,0:34:28.560
Approach is much better um usually in
0:34:26.720,0:34:31.200
the industry you see platform decisions
0:34:28.560,0:34:33.480
done by management not by the techies
0:34:31.200,0:34:35.399
and um it's untroubled by expertise or
0:34:33.480,0:34:37.800
risk analysis and you you get a
0:34:35.399,0:34:39.720
diffusion of responsibility because if
0:34:37.800,0:34:41.599
you even if you try to find out who's
0:34:39.720,0:34:43.240
responsible for anything you find uh
0:34:41.599,0:34:44.960
well it's that team over there but we
0:34:43.240,0:34:47.040
don't really know and then you find out
0:34:44.960,0:34:48.159
the team dissolved last week and it's
0:34:47.040,0:34:50.919
really
0:34:48.159,0:34:54.560
horrible and brand new we have ai tools
0:34:50.919,0:34:54.560
which is also a diffusion of
0:34:55.200,0:34:59.000
responsibility and then you get people
0:34:57.160,0:35:00.880
arguing well it's so bad it can't get
0:34:59.000,0:35:02.760
any worse let's go to the cloud where
0:35:00.880,0:35:07.079
obviously it gets worse
0:35:02.760,0:35:08.520
immediately so I prefer my way um I
0:35:07.079,0:35:10.640
think in the end it's important to
0:35:08.520,0:35:12.920
realize that the the lack of security
0:35:10.640,0:35:16.440
you may have in your projects right now
0:35:12.920,0:35:18.400
is self-imposed there is no guy with a
0:35:16.440,0:35:20.480
shotgun behind you
0:35:18.400,0:35:23.800
threatening you can do it you just have
0:35:20.480,0:35:25.640
to start right so this is self-imposed
0:35:23.800,0:35:28.800
helplessness you can actually help
0:35:25.640,0:35:28.800
yourself you just have to start
0:35:29.440,0:35:34.160
right how did we get here this is
0:35:32.079,0:35:36.119
obviously not a good good place to be
0:35:34.160,0:35:37.800
like all the software is crappy and
0:35:36.119,0:35:40.200
there's a few it's not just that people
0:35:37.800,0:35:43.440
are dumb there's a few reasons for that
0:35:40.200,0:35:45.359
so um back in the day you used to have
0:35:43.440,0:35:48.200
bespoke applications that were written
0:35:45.359,0:35:50.079
for a specific purpose and they used the
0:35:48.200,0:35:52.359
waterfall model and you had the
0:35:50.079,0:35:55.560
requirements specification and it was
0:35:52.359,0:35:58.079
lots of bureaucracy and really horrible
0:35:55.560,0:36:00.200
but it also Al meant that you knew what
0:35:58.079,0:36:02.880
the application had be had to be able to
0:36:00.200,0:36:06.240
do so that means you can make sure
0:36:02.880,0:36:08.079
anything else is forbidden if you know
0:36:06.240,0:36:10.040
what the application needs to be able to
0:36:08.079,0:36:12.400
do you can make sure it doesn't do any
0:36:10.040,0:36:15.520
other stuff and that is security if you
0:36:12.400,0:36:17.280
think about it deny everything that the
0:36:15.520,0:36:19.280
application wasn't supposed to be doing
0:36:17.280,0:36:22.200
and then that's what an attacker would
0:36:19.280,0:36:24.680
do if they take over the machine right
0:36:22.200,0:36:26.240
so if you know beforehand what you're
0:36:24.680,0:36:28.680
trying to get to you can actually
0:36:26.240,0:36:30.319
implement privilege even architecturally
0:36:28.680,0:36:32.920
as I've shown
0:36:30.319,0:36:35.720
you now we have more of an Ikea model
0:36:32.920,0:36:37.560
you buy parts that are uh designed by
0:36:35.720,0:36:39.359
their own teams and the teams designing
0:36:37.560,0:36:42.440
the parts don't know what the final
0:36:39.359,0:36:44.240
product will look like right in in some
0:36:42.440,0:36:45.640
cases even you don't know what the final
0:36:44.240,0:36:47.920
product will look like but it's even
0:36:45.640,0:36:49.880
worse if you consider that the the the
0:36:47.920,0:36:51.480
team building the part you make your
0:36:49.880,0:36:53.760
software from doesn't know what it will
0:36:51.480,0:36:56.359
be used for so it has to be as generic
0:36:53.760,0:36:57.839
as possible Right the more it can be
0:36:56.359,0:37:00.680
done with with it the better and that's
0:36:57.839,0:37:03.119
the opposite of security right security
0:37:00.680,0:37:05.359
means understanding what you need to do
0:37:03.119,0:37:08.599
and then disallowing the rest and this
0:37:05.359,0:37:11.440
means be as generic as you can the parts
0:37:08.599,0:37:12.400
are optimized for genericity Gen what's
0:37:11.440,0:37:15.599
the
0:37:12.400,0:37:17.680
name genericism I don't know so they are
0:37:15.599,0:37:21.319
optimized to be as flexible as possible
0:37:17.680,0:37:21.319
and they are chosen by
0:37:21.599,0:37:25.079
flexibility the developer of the part
0:37:23.640,0:37:27.599
usually has no idea what it would used
0:37:25.079,0:37:31.040
for uh and that means you can't do least
0:37:27.599,0:37:33.760
privilege because um you don't know what
0:37:31.040,0:37:36.319
the privilege will be that's least so
0:37:33.760,0:37:38.520
this this is actually a big mess so if
0:37:36.319,0:37:40.480
you use Parts programmed by other people
0:37:38.520,0:37:42.680
you will have to invest extra effort to
0:37:40.480,0:37:45.480
find out what kind of stuff you can make
0:37:42.680,0:37:47.599
it not do because it will definitely be
0:37:45.480,0:37:49.440
able to do more than you need and the
0:37:47.599,0:37:52.040
more you can clamp down the more
0:37:49.440,0:37:53.720
security you will have uh it's even
0:37:52.040,0:37:55.079
worse if you do Agile development
0:37:53.720,0:37:58.079
because then by definition you don't
0:37:55.079,0:37:59.520
know what the end result will be so if
0:37:58.079,0:38:00.880
you don't know that you can't do
0:37:59.520,0:38:03.319
security
0:38:00.880,0:38:05.640
lockdown so another argument why we got
0:38:03.319,0:38:07.520
here is economics of scale so it used to
0:38:05.640,0:38:10.880
be that if you build some kind of device
0:38:07.520,0:38:13.280
that needs to do something like I don't
0:38:10.880,0:38:17.400
know uh a
0:38:13.280,0:38:19.680
microwave then you you find parts and
0:38:17.400,0:38:21.359
you combine the parts and you solder
0:38:19.680,0:38:24.119
them together and then they solve the
0:38:21.359,0:38:27.160
problem but these days uh you don't
0:38:24.119,0:38:29.680
solder parts anymore you assemble from
0:38:27.160,0:38:32.280
pre-made parts and these are usually
0:38:29.680,0:38:35.280
programmable right so a little arm chip
0:38:32.280,0:38:37.040
cost like a tenth of a scent so why use
0:38:35.280,0:38:38.800
a special part if you can use an arm
0:38:37.040,0:38:40.880
chip and then program it but that means
0:38:38.800,0:38:43.000
you still need to use software that
0:38:40.880,0:38:44.640
actually solves the problem the hardware
0:38:43.000,0:38:47.000
is generic and that means the hardware
0:38:44.640,0:38:49.800
can be hacked and this is turning out to
0:38:47.000,0:38:53.359
be a problem right if you had a break in
0:38:49.800,0:38:54.640
in 20 years youo um it it breaked right
0:38:53.359,0:38:57.040
but now it's
0:38:54.640,0:38:59.040
programmable and people have realized
0:38:57.040,0:39:01.200
how bad that is but it is bad right so
0:38:59.040,0:39:05.480
that's that will bite Us in the
0:39:01.200,0:39:07.680
ass oops so um the response from the
0:39:05.480,0:39:10.440
industry has so far been the ostrich
0:39:07.680,0:39:13.000
method basically we we install stuff
0:39:10.440,0:39:14.880
that we know is untrustworthy and so we
0:39:13.000,0:39:17.680
install other stuff on top of it that's
0:39:14.880,0:39:20.720
also untrustworthy and then we call it
0:39:17.680,0:39:24.119
Telemetry or big data and to some risk
0:39:20.720,0:39:26.599
uh logging analysis in in aze or
0:39:24.119,0:39:29.640
whatever uh and in the end the attack
0:39:26.599,0:39:31.839
surface has mushroomed like a nuclear
0:39:29.640,0:39:34.240
explosion right so that's our fault
0:39:31.839,0:39:36.000
nobody has forced us to do this you
0:39:34.240,0:39:39.079
don't need to do this in your own
0:39:36.000,0:39:41.119
projects that's the hopeful message of
0:39:39.079,0:39:42.640
this talk in conclusion if you remember
0:39:41.119,0:39:44.079
nothing else from this talk remember
0:39:42.640,0:39:46.520
that threat modeling is a thing and you
0:39:44.079,0:39:48.480
should try it TCB minimization actually
0:39:46.520,0:39:51.680
helps least privilege is another facet
0:39:48.480,0:39:53.800
of the same thing and if you can uh use
0:39:51.680,0:39:56.440
a pendon data storage you should
0:39:53.800,0:39:58.359
consider it hm blockchain yeah not
0:39:56.440,0:40:00.560
blockchain a pend only data storage it's
0:39:58.359,0:40:00.560
not
0:40:00.630,0:40:08.820
[Applause]
0:40:09.000,0:40:13.240
[Music]
0:40:10.720,0:40:15.200
blockchain so two more you two more
0:40:13.240,0:40:18.160
slides yeah two more slides sorry I'm an
0:40:15.200,0:40:20.480
imposter no problem so the rule of thumb
0:40:18.160,0:40:23.480
should be if if the blog of some
0:40:20.480,0:40:26.160
unwashed hobbyist from the Internet is
0:40:23.480,0:40:28.040
more secure than your it security then
0:40:26.160,0:40:30.359
you should improve your it
0:40:28.040,0:40:33.760
security right that shouldn't
0:40:30.359,0:40:35.400
happen all right so that's all from my
0:40:33.760,0:40:38.319
talk I think we still have time for
0:40:35.400,0:40:41.560
questions do we yes okay awesome okay
0:40:38.319,0:40:41.560
now you can put your hand
0:40:45.040,0:40:49.599
[Applause]
0:40:47.280,0:40:51.280
together so if you want to ask a
0:40:49.599,0:40:55.720
question we have four microphones in the
0:40:51.280,0:40:56.880
room 1 2 3 4 and I'm going to take a a
0:40:55.720,0:40:59.760
question the first first question from
0:40:56.880,0:41:02.359
the internet the internet is saying you
0:40:59.760,0:41:03.400
actually got hacked or can you elaborate
0:41:02.359,0:41:05.599
on what
0:41:03.400,0:41:07.119
happened Yes actually there was an
0:41:05.599,0:41:08.680
incident where someone was able to post
0:41:07.119,0:41:11.119
stuff to my blog and because I had a
0:41:08.680,0:41:14.640
pend only data storage I Shrugged it off
0:41:11.119,0:41:16.520
basically so use use a pendon data
0:41:14.640,0:41:19.480
storage it's it will save your ass at
0:41:16.520,0:41:22.079
some point the problem was a bug in my
0:41:19.480,0:41:23.960
uh Access Control lists I had used some
0:41:22.079,0:41:26.440
some Access Control list in my alab
0:41:23.960,0:41:27.880
server and I had a line in it that I
0:41:26.440,0:41:29.760
should have removed but I forgot to
0:41:27.880,0:41:33.200
remove it and that meant you could post
0:41:29.760,0:41:35.200
without having credentials but um it
0:41:33.200,0:41:38.040
happened and it wasn't bad because my
0:41:35.200,0:41:39.599
architecture prevented damage um as
0:41:38.040,0:41:42.440
people are leaving the room could you
0:41:39.599,0:41:44.760
leave very quietly thank you um
0:41:42.440,0:41:47.119
microphone number one yeah is there a
0:41:44.760,0:41:50.520
second alternative for Windows and Mac
0:41:47.119,0:41:52.720
OS a secure alternative well so
0:41:50.520,0:41:56.359
basically you can do the the principles
0:41:52.720,0:42:00.000
I um I showed in this talk you can do on
0:41:56.359,0:42:02.560
those two so usually you will not be
0:42:00.000,0:42:05.359
hacked because your your Mac OS or
0:42:02.560,0:42:07.079
Windows had a bug I that happens too but
0:42:05.359,0:42:09.319
the bigger problem is that the software
0:42:07.079,0:42:11.800
you wrote had a bug or that you the
0:42:09.319,0:42:14.480
software that you use had a bug so I'm
0:42:11.800,0:42:16.560
I'm trying to tell you Linux isn't uh
0:42:14.480,0:42:18.520
particularly more secure than Windows
0:42:16.560,0:42:20.599
it's just it's basically you can write
0:42:18.520,0:42:22.839
secure software and insecure software on
0:42:20.599,0:42:25.160
any operating system you should still
0:42:22.839,0:42:26.720
use Linux because it has advantages but
0:42:25.160,0:42:28.880
if you apply these Tech techniques to
0:42:26.720,0:42:31.720
your software it will be secure on on
0:42:28.880,0:42:34.480
Mac OS and windows as well right so this
0:42:31.720,0:42:36.040
is not for for end users selecting the
0:42:34.480,0:42:37.319
software if you select software you have
0:42:36.040,0:42:39.520
to trust the
0:42:37.319,0:42:42.200
vendor there's no way around that but if
0:42:39.520,0:42:44.280
you write your own software then you can
0:42:42.200,0:42:46.960
reduce the risk to a point where you can
0:42:44.280,0:42:49.119
live with it and sleep soundly sure is
0:42:46.960,0:42:51.359
there a a technical alternative or
0:42:49.119,0:42:53.119
similar similarity like sa comp for
0:42:51.359,0:42:54.760
Windows and Mac OS so can you drop your
0:42:53.119,0:42:57.960
privileges after you have opened a file
0:42:54.760,0:42:59.960
for example uh uh so for meos I'm not
0:42:57.960,0:43:02.680
sure but I know that that free BSD net
0:42:59.960,0:43:05.440
BSD and open BSD have an an equivalent
0:43:02.680,0:43:08.119
thing I think uh Macos has it too but
0:43:05.440,0:43:09.920
I'm I'm not sure about that for Windows
0:43:08.119,0:43:11.559
there's are sandboxing methods you can
0:43:09.920,0:43:13.359
look at the Chrome source code for
0:43:11.559,0:43:16.440
example they have a Sandbox it's open
0:43:13.359,0:43:18.960
source you can use that to do this kind
0:43:16.440,0:43:21.720
of thing okay thanks so microphone
0:43:18.960,0:43:23.800
number two except down that's gone so
0:43:21.720,0:43:27.160
microphone number three in that
0:43:23.800,0:43:29.480
case this is four I sorry four four yes
0:43:27.160,0:43:31.720
um will your next talk be about writing
0:43:29.480,0:43:33.559
software secure software in Windows and
0:43:31.720,0:43:35.559
if no uh how much assets would you
0:43:33.559,0:43:38.119
request to compensate for all the
0:43:35.559,0:43:41.839
pain
0:43:38.119,0:43:45.960
no it's not a question of
0:43:41.839,0:43:48.359
money okay uh microphone one um have you
0:43:45.960,0:43:49.440
tried removing unnecessary features from
0:43:48.359,0:43:52.240
open
0:43:49.440,0:43:54.680
SSL uh Yes actually I've I've done this
0:43:52.240,0:43:56.680
pretty pretty early but it's still it's
0:43:54.680,0:44:00.000
still much bigger than my code
0:43:56.680,0:44:03.440
so um for example op SSL has support for
0:44:00.000,0:44:05.119
UDP based TLs but there's a lot of
0:44:03.440,0:44:06.960
shared cyers in there you can remove
0:44:05.119,0:44:08.720
ciphers you don't need and and that
0:44:06.960,0:44:11.880
helps a bit but it's still it's the
0:44:08.720,0:44:14.720
biggest part of the web server by far I
0:44:11.880,0:44:18.200
think there was an internet question was
0:44:14.720,0:44:21.640
there no doesn't look like
0:44:18.200,0:44:22.839
yes no yes no no yes okay uh then
0:44:21.640,0:44:27.200
microphone
0:44:22.839,0:44:29.640
four as someone who is uh connected or
0:44:27.200,0:44:31.880
was connected to an industry which has
0:44:29.640,0:44:34.200
programming programmable
0:44:31.880,0:44:37.960
brakes
0:44:34.200,0:44:39.480
um what is your opinion about things
0:44:37.960,0:44:42.440
like
0:44:39.480,0:44:44.079
mizra well well so there are standards
0:44:42.440,0:44:45.240
in the automotive industry for example
0:44:44.079,0:44:48.040
like misra
0:44:45.240,0:44:50.359
to make sure you write better code and
0:44:48.040,0:44:52.520
it's mostly compliance so they give you
0:44:50.359,0:44:55.280
rules like um you shouldn't use
0:44:52.520,0:44:56.960
recursion in your code for example and
0:44:55.280,0:44:59.000
the functions should would be this big
0:44:56.960,0:45:01.640
at at most and this is more I mean it
0:44:59.000,0:45:03.440
will probably help a bit but it's much
0:45:01.640,0:45:05.800
better to to invest in in good
0:45:03.440,0:45:09.440
architecture but you may have noticed I
0:45:05.800,0:45:11.200
I've said I wrote the code in C and I
0:45:09.440,0:45:13.800
said nothing about what I did to make
0:45:11.200,0:45:15.880
sure it's it's good code so that's
0:45:13.800,0:45:17.559
that's a different dimension that's
0:45:15.880,0:45:20.800
orthogonal right
0:45:17.559,0:45:22.280
so follow those standards it will it
0:45:20.800,0:45:25.040
will make your code a bit better
0:45:22.280,0:45:26.640
probably um but it won't solve all the
0:45:25.040,0:45:29.040
problems and I think personally you
0:45:26.640,0:45:30.760
should do both you should make sure or
0:45:29.040,0:45:32.520
try to make sure that there's as little
0:45:30.760,0:45:34.160
bugs as possible in your code there's
0:45:32.520,0:45:36.079
ways to do that I had to talk about that
0:45:34.160,0:45:37.760
too but after you do that you should
0:45:36.079,0:45:40.200
still have these kind of
0:45:37.760,0:45:41.720
architectural guide guard rails that
0:45:40.200,0:45:44.079
keep you on track even if someone
0:45:41.720,0:45:46.240
manages to take over the
0:45:44.079,0:45:47.280
process so now I think there was an
0:45:46.240,0:45:50.599
internet
0:45:47.280,0:45:53.520
question yes uh the internet is asking
0:45:50.599,0:45:55.559
how would it work to like scale This
0:45:53.520,0:45:58.839
truly impressive security architecture
0:45:55.559,0:46:01.400
up for more use cases and more like
0:45:58.839,0:46:04.880
larger theme or would the theme size and
0:46:01.400,0:46:09.040
the feature keep ruin it yes
0:46:04.880,0:46:09.040
so oh no oh
0:46:09.070,0:46:15.839
[Laughter]
0:46:12.319,0:46:15.839
no well I'm
0:46:24.800,0:46:27.800
sorry
0:46:28.470,0:46:36.780
[Music]
0:46:37.760,0:46:40.760
la